Troj/Wonton-CR

Category: Viruses and Spyware
Protection available since: 08 May 2014 22:33:31 (GMT)
Type: Trojan
Last Updated: 09 May 2014 04:21:27 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Wonton-CR include:

Example 1

File Information

Size
399K
SHA-1
113e066544e9d74fc2915c36b01f5034d0cb2cd8
MD5
388d120df1af5e30ea2627f4af1adce3
CRC-32
9d5c68a5
File type
application/x-ms-dos-executable
First seen
2014-05-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\Emcei\occiha.exe
    Size
    399K
    SHA-1
    a126b9095b15439556c714940faf83813b7fa3ce
    MD5
    3e2e06c3e50a4dd9d9355d23487ba0b9
    CRC-32
    e980b117
    File type
    application/x-ms-dos-executable
    First seen
    2014-05-08
  • c:\Documents and Settings\test user\Local Settings\Temp\OTU6ACB.bat
    Size
    100
    SHA-1
    a2f4ed815936c97e18a18213f2b341a98224ab31
    MD5
    4966e212dd73866de6455e48e7b0d327
    CRC-32
    e8c4a9c7
    File type
    application/octet-stream
    First seen
    2014-05-08
  • C:\WINDOWS\system32\drivers\1a757.sys
    Size
    56K
    SHA-1
    8c321e87a1d1dc176619d1cd6c140d22eb0d4faa
    MD5
    4dd92d1bd1ccc825adb47e0c57746e94
    CRC-32
    0daee4a8
    File type
    Windows executable
    First seen
    2014-05-07
Registry Keys Created
  • HKCU\Software\Microsoft\Aneqiwway
    1f0gagb6
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\emcei\occiha.exe
  • c:\windows\system32\cmd.exe

Example 2

File Information

Size
397K
SHA-1
1b26de7f6be8b46737d2f4f4cf000723b422eb17
MD5
0d9f3db42b934a38e9c9e9084ea555c8
CRC-32
30ef4be3
File type
application/x-ms-dos-executable
First seen
2014-05-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\UBV835.bat
    Size
    106
    SHA-1
    7fb86e46b965117a19f5f24653e9cce6528b5b78
    MD5
    5f313fb5c81fdc6b4b8300409f17075b
    CRC-32
    5ac612de
    File type
    application/octet-stream
    First seen
    2014-05-08
  • c:\Documents and Settings\test user\Local Settings\Temp\Oqypi\liygno.exe
    Size
    397K
    SHA-1
    850d54b222ab48d1804ecf9915ab4aedbbe43cb0
    MD5
    dfb215608a5fed6ff64c5c9498dcae06
    CRC-32
    53562a22
    File type
    application/x-ms-dos-executable
    First seen
    2014-05-08
  • C:\WINDOWS\system32\drivers\1c2dd.sys
    Size
    56K
    SHA-1
    8c321e87a1d1dc176619d1cd6c140d22eb0d4faa
    MD5
    4dd92d1bd1ccc825adb47e0c57746e94
    CRC-32
    0daee4a8
    File type
    Windows executable
    First seen
    2014-05-07
Registry Keys Created
  • HKCU\Software\Microsoft\Jiewfigu
    170iaf08
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\oqypi\liygno.exe
  • c:\windows\system32\cmd.exe

Example 3

File Information

Size
397K
SHA-1
895376adba473f436b2114eacfedff83b9c4f08c
MD5
3d6a1d7c94dcddf5eacfa23fb2cdffef
CRC-32
6e0c40a0
File type
application/x-ms-dos-executable
First seen
2011-06-27